
Mage

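The Manifest Generation and Editing Tool (Mage.exe) is a command-line tool that supports creating and editing application and deployment manifests. As a command-line tool, Mage.exe can be run from both batch scripts and other Windows-based applications, including ASP.NET applications.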

Tip

When you sign a manifest file using Mage, two signature units are consumed. This is because two hash signatures are created for different types of content within the manifest:

  • The first hash signature is generated for the manifest file itself.

  • The second hash signature is generated for the files referenced within the manifest.

This double-signing process ensures the integrity of both the manifest file and its referenced files, safeguarding against any tampering attempts.

Follow these instructions to sign directly using Mage and securely reference your private key stored in Software Trust Manager via our KSP library. Alternatively, integrate Mage with Signing Manager Controller (SMCTL) for simplified signing.

Prerequisites

Mage commands and parameters

Command options supported by Mage:

| Shortcut | Parameter | Description |
| --- | --- | --- |
| -s | -sign | Sign a file using a keypair or a certificate. |
| -v | -verify | Verify that the manifest is signed correctly. This parameter cannot be combined with other commands. Note: The verify command is only available in .NET Framework 4.7 and later versions. |
| -a | -Algorithm | Specifies "sha256RSA" or "sha1RSA" as the algorithm to generate dependency digests with. |
| -cf | -CertFile | Provide the path to the certificate you want to sign with. |
| -ch | -CertHash | Provide the certificate hash or certificate fingerprint. |
| -kc | -KeyContainer | Provide the keypair alias. |
| -csp | -CryptoProvider | Specify "DigiCert Signing Manager KSP". |
| -ti | -TimestampUri | Specify http://timestamp.digicert.com |

Note

When specifying a file you want to sign:

  • Provide only the name of the manifest file if the file is in the same location as where you are running the terminal.

  • Provide the path to the manifest file you want to sign if the file is in a different location than where you are running the terminal.

Sign

You can use one of the following methods to sign binaries with Mage:

Sign a file using a certificate

To sign, run:

mage -sign <file_name> -CertFile <file_name> -KeyContainer <keypair_alias> -CryptoProvider "DigiCert Signing Manager KSP" -a sha256RSA -TimestampUri http://timestamp.digicert.com

Command sample:

mage -sign example.exe.manifest -CertFile C:\Users\Name\Desktop\example.crt -KeyContainer key1 -CryptoProvider "DigiCert Signing Manager KSP" -a sha256RSA -TimestampUri http://timestamp.digicert.com

Sign a file using the certificate fingerprint

Provide the keypair alias and certificate file path

Sync the certificate, then provide the keypair alias and the certificate file path.

To sync the default certificate associated with the specified keypair alias:

smctl windows certsync --keypair-alias=<keypair alias>

Note

For more information refer to the Windows command manual.

To sign, run:

mage -sign <file_name> -CertHash <hash_or_cert_fingerprint> -TimestampUri http://timestamp.digicert.com

Command sample:

mage -sign example.exe.manifest -CertHash f39dbe6bcfaa43ca39585aa40ab0a19bf29991cb -TimestampUri http://timestamp.digicert.com

Note

You must be connected to the Internet when signing a manifest that specifies a -TimestampUri value.

Verify signature

To verify the signed file, run:

mage -verify <file_name>

Command sample:

mage -verify example.exe.manifest

Note

The verify command is only available in .NET Framework 4.7 and later versions.
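
As a complement to mage -verify, the following added example (not part of the original page and not DigiCert or Microsoft code) audits a manifest for a missing signature or for SHA-1 digests left behind by signing with -a sha1RSA. The function name Get-ManifestAlgorithmAudit is hypothetical, the sample manifest is constructed, and the script assumes the manifest records its digests and signature as XMLDSig elements.

```powershell
# Added example (not DigiCert or Microsoft code). Assumption: the manifest
# records digests and its signature as XMLDSig elements.
function Get-ManifestAlgorithmAudit {
    param([Parameter(Mandatory)] [xml] $Manifest)

    $ns = New-Object System.Xml.XmlNamespaceManager($Manifest.NameTable)
    $ns.AddNamespace('ds', 'http://www.w3.org/2000/09/xmldsig#')

    # An unsigned manifest has no ds:Signature element.
    $signed = $null -ne $Manifest.SelectSingleNode('//ds:Signature', $ns)

    # Collect every digest and signature algorithm URI declared in the file.
    $nodes = $Manifest.SelectNodes('//ds:DigestMethod | //ds:SignatureMethod', $ns)
    $algorithms = @($nodes | ForEach-Object { $_.GetAttribute('Algorithm') } | Sort-Object -Unique)

    # XMLDSig SHA-1 URIs end in "#sha1" or "#rsa-sha1".
    $weak = @($algorithms | Where-Object { $_ -match 'sha1$' })

    [pscustomobject]@{
        Signed     = $signed
        Algorithms = $algorithms
        WeakSha1   = $weak
        Pass       = $signed -and ($weak.Count -eq 0)
    }
}

# Constructed sample: SHA-1 dependency digest under a SHA-256 signature.
$sample = @'
<asmv1:assembly xmlns:asmv1="urn:schemas-microsoft-com:asm.v1"
    xmlns:asmv2="urn:schemas-microsoft-com:asm.v2"
    xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
  <asmv2:dependency><asmv2:dependentAssembly><asmv2:hash>
    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
    <dsig:DigestValue>CONSTRUCTED</dsig:DigestValue>
  </asmv2:hash></asmv2:dependentAssembly></asmv2:dependency>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha256" />
  </SignedInfo></Signature>
</asmv1:assembly>
'@

$result = Get-ManifestAlgorithmAudit -Manifest $sample
$result | Format-List
if (-not $result.Pass) {
    Write-Warning 'Signature missing or SHA-1 in use; re-sign with -a sha256RSA.'
}
```

To audit a real file, pass the parsed manifest instead of the sample, for instance the result of [xml](Get-Content -Raw -LiteralPath .\example.exe.manifest).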